Developer of BrickerBot Malware Claims He Destroyed Over Two Million Devices (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Developer of BrickerBot Malware Claims He Destroyed Over Two Million Devices (bleepingcomputer.com)

Posted by BeauHD on Friday April 21, 2017 @01:20PM from the unintended-consequences dept.

An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place. His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device. His identity was revealed after a reporter received an anonymous tip about a HackForum users claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.

4 of 88 comments (clear)

Min score:

Reason:

Sort:

Mighty Fine by Anonymous Coward · 2017-04-21 13:28 · Score: 5, Insightful

Doing some righteous work.
If he gets busted... by Type44Q · 2017-04-21 13:33 · Score: 5, Funny

If he gets busted, I'm good for a $20 towards his legal costs... but if he's willing to target all IoT devices, I'll make it a hundred. ;)
1. Re: If he gets busted... by bill_mcgonigle · 2017-04-21 14:49 · Score: 5, Insightful
  
  If users have their devices bricked, they may simply buy another vulnerable IoT device to replace it, perhaps from the same manufacturer.
  Are you suggesting there are people who will keep buying the same type of e.g. WiFi lightbulbs that work for a couple hours and then stop working, without returning them?
  A return usually costs more than the profit on a device; it's an economically valid feedback mechanism assuming that kind of person isn't actually common. It seems unlikely to me that it is the typical behavior pattern.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Not a permanent solution. by Gravis+Zero · 2017-04-21 15:25 · Score: 5, Insightful

The problem with this solution is that the companies are not getting the negative finacial feedback (punishment) that they need to correct their behavior.
I've said it before but it's worth repeating.
IoT vendors will only secure their devices after it starts costing them money or are legally required to do so.
The best option is to high jack the IoT devices to DDoS their makers because it creates a direct feedback loop. The more insecure devices they sell, the more it will cost them to host their company's website(s). For extra points, only target their parent company. ;)

--
Anons need not reply. Questions end with a question mark.